pam_authtok_check(5)

NAME

pam_authtok_check– authentication and password management module

SYNOPSIS

pam_authtok_check.so.1

DESCRIPTION

pam_authtok_check provides functionality to the Password Management stack. The implementation of pam_sm_chauthtok(), performs a number of checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the
PAM framework, once with flags set to PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This module expects the current authentication token in the PAM_OLDAUTHTOK item,
the new (to be checked) password in the PAM_AUTHTOK item, and the login name in the PAM_USER item. The checks performed by this module are:

length

The password length should not be less that the minimum specified in /etc/default/passwd.

circular shift

The password should not be a circular shift of the login name.

complexity

The password should contain at least two alpha characters and one numeric or special character.